SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)

SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances. About CVE-2024-40766 CVE-2024-40766 is an…

How CISOs enable ITDR approach through the principle of least privilege

Somewhere, right now, a CISO is in a boardroom making their best case for stronger identity threat detection and response (ITDR) initiatives to lower the risk of intrusion. For a good reason, too: Look no further than the Change Healthcare breach, wher…

The CISO’s approach to AI: Balancing transformation with trust

As organizations increasingly adopt third-party AI tools to streamline operations and gain a competitive edge, they also invite a host of new risks. Many companies are unprepared, lacking clear policies and adequate employee training to mitigate these …

Overlooked essentials: API security best practices

In this Help Net Security, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID Connect, strict HTTPS encryption, and the use of JWTs for stateless authentication. Gupta rec…

Risk related to non-human identities: Believe the hype, reject the FUD

The hype surrounding unmanaged and exposed non-human identities (NHIs), or machine-to-machine credentials – such as service accounts, system accounts, certificates and API keys – has recently skyrocketed. A steady stream of NHI-related brea…

The importance of access controls in incident response

The worst time to find out your company doesn’t have adequate access controls is when everything is on fire. The worst thing that can happen during an incident is that your development and operations teams are blocked from solving the problem. That’s w…

How does encryption work with access control and authentication together to enhance web application security? [closed]

When used in web applications and network security, encryption is typically used to protect data in transit and at rest. For example, web browsers and servers can use encryption to protect the data that is transmitted between them over the…

How can integrating access control systems with video surveillance help prevent unauthorized access? [closed]

Integration of access control systems with video surveillance allows security personnel to perform access control audits, which can help identify any unauthorized access attempts or other security threats. This information can be used to i…